SULLIVAN, BRYAN L (ATTCINW) wrote:
> Placing broad restrictions on widget-context webapp access to network resources (substantially different from browser-context webapps) is not an effective approach to creating a useful widget-context webapp platform. That would create a significant barrier to market acceptance of the W3C widget standards.
Opera does not agree. We've had a similar model in place for a long time
in our proprietary implementation and we have not faced any issues in
the marketplace.
The WARP spec solves many problems that arise from not actually having a
network established origin, and may even avoid the confused deputy
problem CORS is currently facing (which locally running widgets won't be
able to use anyway).
I think that technically we are in agreement; but we are just in
disagreement about the level of granularity that the WARP spec affords
to authors. For the record, I like the way WARP is currently specified:
it's easy to use, and essentially works in much the same way as the same
origin policy does for Web documents... but with the added bonus of
being able to do cross origin - but with the restriction of not being
unrestricted, like it's the case for web documents.